Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.
Publication date: Tue, 12 Dec 2006 00:28:00 +0000